Kraken And Coinbase User Loses $6.7M After Apparent Physical Attack

A Kraken and Coinbase user lost about $6.7 million in crypto after an apparent physical attack led to withdrawals from both exchange accounts.

The stolen assets included 1,554 ETH and 10.5 BTC from Kraken, along with 34.1 cbBTC from Coinbase. At current market prices, the ETH was worth about $3.3 million, the BTC was worth about $812,000, and the cbBTC was worth roughly $2.6 million.

The theft address on Ethereum was 0xd3191Cba17504BDf7172ba9859aC854e3A79982A. The Bitcoin address tied to the case was bc1qxn9d9cecex7hkqw5mugw8makgrqq6crf26nqv3.

The known facts point to account-level withdrawals, not a Kraken or Coinbase platform breach. The attack appears to have targeted the user directly, making the case closer to coercion or forced access than a smart-contract exploit, exchange hack or phishing-only incident.

Tornado Cash Receives $5.3M

The attackers moved quickly after the withdrawals, with about $5.3 million routed into Tornado Cash. That step makes recovery harder because the mixer breaks the visible link between deposit and withdrawal addresses, reducing the ability to follow funds once they leave the original theft wallets.

The laundering pattern mirrors other cases where stolen ETH or wrapped assets move into Tornado Cash soon after a theft. A recent Echo Protocol bridge incident also saw ETH routed through Tornado Cash after an exploit, showing how quickly attackers can move from theft to obfuscation once assets reach Ethereum.

The Coinbase portion involved cbBTC, Coinbase’s wrapped Bitcoin asset. cbBTC is backed 1:1 by Bitcoin held by Coinbase, and it can move across supported onchain networks. In this case, that made part of the stolen value easier to route through Ethereum-compatible infrastructure after leaving the user’s Coinbase account.

Personal Security Becomes The Main Risk

A physical crypto theft creates a different threat model from a remote hack. Strong passwords, two-factor authentication and withdrawal controls help protect against online compromise, but they may not stop an attacker who can force a victim to unlock devices, approve transfers or reveal exchange access.

High-balance exchange users face extra exposure because their assets can be moved quickly once an attacker gets account control. Withdrawal allowlists, delays, account locks, device separation and lower hot-account balances can reduce the damage window, but they cannot fully remove coercion risk.

Recent Ledger seed-phrase theft coverage focused on social engineering and recovery-phrase exposure. This case is more direct. The risk is not just being tricked online, but being physically targeted because an attacker believes the victim controls large balances.

The next recovery window depends on exchange records, login history, device data, withdrawal metadata, blockchain tracing and whether any unmixed funds touch exchanges, bridges or identifiable counterparties. With $5.3 million already sent to Tornado Cash, the clearest remaining trail sits around the original withdrawals, the named theft addresses and any funds that have not yet passed through the mixer.


